From a774f8fd733c89bc12abddb41a93bc204932de7a Mon Sep 17 00:00:00 2001 From: yanta Date: Thu, 18 Jul 2024 13:55:30 +0800 Subject: [PATCH 1/4] =?UTF-8?q?=E5=A2=9E=E5=8A=A0dml=E5=B7=A5=E5=8D=95?= =?UTF-8?q?=E5=BD=B1=E5=93=8D=E8=A1=8C=E6=95=B0=E9=99=90=E5=88=B6=EF=BC=8C?= =?UTF-8?q?=E8=B6=85=E8=BF=87=E9=99=90=E5=88=B6=E5=B7=A5=E5=8D=95=E5=BF=85?= =?UTF-8?q?=E9=A1=BB=E6=8B=86=E5=88=86=E5=B0=8F=E4=BA=8B=E5=8A=A1=E6=8F=90?= =?UTF-8?q?=E4=BA=A4?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- common/templates/config.html | 10 ++++++++++ sql/engines/mysql.py | 10 ++++++++++ 2 files changed, 20 insertions(+) diff --git a/common/templates/config.html b/common/templates/config.html index 93af8eeb1f..f963cba16f 100755 --- a/common/templates/config.html +++ b/common/templates/config.html @@ -161,6 +161,16 @@

功能模块配置

SQL上线
+
+ +
+ +
+
diff --git a/sql/engines/mysql.py b/sql/engines/mysql.py index 4a5b399ec4..707c42e7a5 100644 --- a/sql/engines/mysql.py +++ b/sql/engines/mysql.py @@ -648,10 +648,12 @@ def execute_check(self, db_name=None, sql=""): # 禁用/高危语句检查 critical_ddl_regex = self.config.get("critical_ddl_regex", "") ddl_dml_separation = self.config.get("ddl_dml_separation", False) + affected_rows_limit = int(self.config.get("affected_rows_limit", 100000000)) #影响最大行数默认100000000行 p = re.compile(critical_ddl_regex) # 获取语句类型:DDL或者DML ddl_dml_flag = "" for row in check_result.rows: + affected_rows = row.affected_rows statement = row.sql # 去除注释 statement = remove_comments(statement, db_type="mysql") @@ -677,6 +679,14 @@ def execute_check(self, db_name=None, sql=""): row.stagestatus = "驳回不支持语句" row.errlevel = 2 row.errormessage = "DDL语句和DML语句不能同时执行!" + # dml影响行数超过限制,超过限制的dml必须拆分成小事务才可以提交 + elif syntax_type == "DML" and affected_rows > affected_rows_limit: + check_result.error_count += 1 + row.stagestatus = "驳回高危SQL" + row.errlevel = 2 + row.errormessage = ( + "禁止提交匹配生产环境,禁止提交影响行数超过" + str(affected_rows_limit) + "行的dml语句!" + ) return check_result def execute_workflow(self, workflow): From 7683ebfaea8c28053dc1d2983dfe4da0d2a8cf63 Mon Sep 17 00:00:00 2001 From: yanta Date: Thu, 18 Jul 2024 14:07:20 +0800 Subject: [PATCH 2/4] =?UTF-8?q?=E4=BF=AE=E5=A4=8Dlint=E6=8A=A5=E9=94=99?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- sql/engines/mysql.py | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/sql/engines/mysql.py b/sql/engines/mysql.py index 707c42e7a5..164d27e560 100644 --- a/sql/engines/mysql.py +++ b/sql/engines/mysql.py @@ -648,7 +648,9 @@ def execute_check(self, db_name=None, sql=""): # 禁用/高危语句检查 critical_ddl_regex = self.config.get("critical_ddl_regex", "") ddl_dml_separation = self.config.get("ddl_dml_separation", False) - affected_rows_limit = int(self.config.get("affected_rows_limit", 100000000)) #影响最大行数默认100000000行 + affected_rows_limit = int( + self.config.get("affected_rows_limit", 100000000) + ) # 影响最大行数限制默认100000000行 p = re.compile(critical_ddl_regex) # 获取语句类型:DDL或者DML ddl_dml_flag = "" @@ -685,7 +687,9 @@ def execute_check(self, db_name=None, sql=""): row.stagestatus = "驳回高危SQL" row.errlevel = 2 row.errormessage = ( - "禁止提交匹配生产环境,禁止提交影响行数超过" + str(affected_rows_limit) + "行的dml语句!" + "禁止提交匹配生产环境,禁止提交影响行数超过" + + str(affected_rows_limit) + + "行的dml语句!" ) return check_result From 7260134631ca5fcfc2afd61ad63c0e4a9c1b7492 Mon Sep 17 00:00:00 2001 From: yanta Date: Fri, 19 Jul 2024 11:06:05 +0800 Subject: [PATCH 3/4] =?UTF-8?q?=E4=BF=AE=E6=94=B9=E5=89=8D=E7=AB=AF?= =?UTF-8?q?=E9=A1=B5=E9=9D=A2=E4=BD=8D=E7=BD=AE?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- common/templates/config.html | 20 ++++++++++---------- sql/engines/mysql.py | 2 +- 2 files changed, 11 insertions(+), 11 deletions(-) diff --git a/common/templates/config.html b/common/templates/config.html index f963cba16f..4df79f13cb 100755 --- a/common/templates/config.html +++ b/common/templates/config.html @@ -161,16 +161,6 @@

功能模块配置

SQL上线
-
- -
- -
-
@@ -314,6 +304,16 @@
SQL上线
+
+ +
+ +
+
diff --git a/sql/engines/mysql.py b/sql/engines/mysql.py index 164d27e560..f6af38577c 100644 --- a/sql/engines/mysql.py +++ b/sql/engines/mysql.py @@ -681,7 +681,7 @@ def execute_check(self, db_name=None, sql=""): row.stagestatus = "驳回不支持语句" row.errlevel = 2 row.errormessage = "DDL语句和DML语句不能同时执行!" - # dml影响行数超过限制,超过限制的dml必须拆分成小事务才可以提交 + # dml影响行数超过限制,超过限制的dml必须拆分成小事务才可以提交,建议不打开REAL_ROW_COUNT elif syntax_type == "DML" and affected_rows > affected_rows_limit: check_result.error_count += 1 row.stagestatus = "驳回高危SQL" From 724826dabe2860a9de91b6a609c7dff753f953d5 Mon Sep 17 00:00:00 2001 From: yanta Date: Fri, 19 Jul 2024 12:25:26 +0800 Subject: [PATCH 4/4] =?UTF-8?q?=E4=BF=AE=E6=94=B9=E5=89=8D=E7=AB=AF?= =?UTF-8?q?=E9=A1=B5=E9=9D=A2=E4=BD=8D=E7=BD=AE?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- sql/engines/mysql.py | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/sql/engines/mysql.py b/sql/engines/mysql.py index f6af38577c..4629a025b8 100644 --- a/sql/engines/mysql.py +++ b/sql/engines/mysql.py @@ -673,14 +673,6 @@ def execute_check(self, db_name=None, sql=""): row.stagestatus = "驳回高危SQL" row.errlevel = 2 row.errormessage = "禁止提交匹配" + critical_ddl_regex + "条件的语句!" - elif ddl_dml_separation and syntax_type in ("DDL", "DML"): - if ddl_dml_flag == "": - ddl_dml_flag = syntax_type - elif ddl_dml_flag != syntax_type: - check_result.error_count += 1 - row.stagestatus = "驳回不支持语句" - row.errlevel = 2 - row.errormessage = "DDL语句和DML语句不能同时执行!" # dml影响行数超过限制,超过限制的dml必须拆分成小事务才可以提交,建议不打开REAL_ROW_COUNT elif syntax_type == "DML" and affected_rows > affected_rows_limit: check_result.error_count += 1 @@ -691,6 +683,14 @@ def execute_check(self, db_name=None, sql=""): + str(affected_rows_limit) + "行的dml语句!" ) + elif ddl_dml_separation and syntax_type in ("DDL", "DML"): + if ddl_dml_flag == "": + ddl_dml_flag = syntax_type + elif ddl_dml_flag != syntax_type: + check_result.error_count += 1 + row.stagestatus = "驳回不支持语句" + row.errlevel = 2 + row.errormessage = "DDL语句和DML语句不能同时执行!" return check_result def execute_workflow(self, workflow):